
Knowledge Nugget Become an ACL Wizard – Advanced ACL Editing

Knowledge Nugget Become an ACL Wizard – Advanced ACL Editing. Bogdan Doinea - bdoinea@cisco.com Assoc. Technical Manager CEE, Russia&CIS Cisco Networking Academy. Basic types of ACLs The power of Named ACLs Tips and Tricks The trick to editing Numbered ACLs Technical DEMO.

Presentation Transcript


  1. Knowledge Nugget: Become an ACL Wizard – Advanced ACL Editing. Bogdan Doinea - bdoinea@cisco.com, Assoc. Technical Manager CEE, Russia&CIS, Cisco Networking Academy

  2. Become an ACL Wizard
     • Basic types of ACLs
     • The power of Named ACLs
     • Tips and Tricks
     • The trick to editing Numbered ACLs
     • Technical DEMO

  3. Basic types of ACLs
     Numbered ACLs
     • Standard
       • Use only layer 3 source addresses
     • Extended
       • Can filter using layer 3/4 information and by source/destination addresses
     • Limitations?
       • When editing, we can only add statements to the end of the ACL

     access-list 10 permit 192.168.146.0 0.0.1.255
     access-list 101 permit tcp host 10.1.1.2 host 172.16.1.1 eq telnet

  4. The power of named ACLs
     • Named ACLs have sequence numbers for each entry
     • All ACLs have an implicit, invisible deny statement at the end
       • ONLY if they have at least one statement
     • Recommendation: you should always manually write the deny ip any any rule
       • in order to see if packets matched it

     ip access-list extended in_to_out
      permit tcp host 10.1.1.2 host 172.16.1.1 eq telnet log
      deny ip any any

  5. Working with Numbered and Named ACLs
     • Scenario
       • Oops! Forgot to give IP 10.1.1.3 access through ssh too!
     • Quick solution

     access-list 101 permit tcp host 10.1.1.2 host 172.16.1.1 eq telnet
     access-list 101 permit tcp host 10.1.1.2 host 172.16.1.1 eq ssh
     access-list 101 deny ip 10.1.1.0 0.0.0.255 host 172.16.1.1
     ip access-list extended 101

  6. Demo Casting: THE ROUTER CCNA

  7. Useful links
     Instructor Professional Development One-stop-shop
     • http://lms.netacad.net – for more Knowledge nuggets
     • Learning through Gaming: Cisco Aspire
     • Become an ACL Wizard!
     • Passport 21 to Entrepreneurship
     Online communities
     • http://community.netacad.net
     • CCNA Topics dedicated to ACLs

  8. Summary
     • Basic types of ACLs
     • The power of Named ACLs
     • Tips and Tricks
     • The trick to editing Numbered ACLs
     • Technical DEMO
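
Slide 5's scenario as a small Python model, added here as an illustration and not taken from the presentation: it shows why a permit appended after the deny is never reached and why an entry given a sequence number ahead of the deny is. The class and function names, the sequence value 25, the default numbering in steps of 10, and the reduction of each rule to source, destination and TCP port (telnet = 23, ssh = 22) are assumptions of this sketch.

```python
import ipaddress

def _n(addr):
    return int(ipaddress.IPv4Address(addr))

def wc_match(addr, base, wildcard):
    """IOS wildcard mask: 0 bits must match, 1 bits are ignored."""
    care = ~_n(wildcard) & 0xFFFFFFFF
    return (_n(addr) & care) == (_n(base) & care)

class Acl:
    def __init__(self):
        self.entries = {}  # sequence number -> (action, src, src_wc, dst, dst_wc, port)

    def add(self, rule, seq=None):
        """seq=None models 'access-list 101 ...' (append); a given seq models '<seq> permit ...'."""
        if seq is None:
            seq = max(self.entries, default=0) + 10
        if seq in self.entries:
            raise ValueError(f"sequence {seq} already in use")
        self.entries[seq] = rule
        return seq

    def evaluate(self, src, dst, port):
        """First match wins; returns (action, matching sequence number or None)."""
        if not self.entries:
            return ("permit", None)  # slide 4: no statements, so no implicit deny
        for seq in sorted(self.entries):
            action, s, s_wc, d, d_wc, p = self.entries[seq]
            if wc_match(src, s, s_wc) and wc_match(dst, d, d_wc) and p in (None, port):
                return (action, seq)
        return ("deny", None)  # implicit deny at the end

HOST, SRV = "0.0.0.0", "172.16.1.1"  # 'host x' is x with an all-zero wildcard

def acl_101():
    """ACL 101 as written on slide 5 (port None stands for 'ip', i.e. any port)."""
    acl = Acl()
    acl.add(("permit", "10.1.1.2", HOST, SRV, HOST, 23))
    acl.add(("permit", "10.1.1.2", HOST, SRV, HOST, 22))
    acl.add(("deny", "10.1.1.0", "0.0.0.255", SRV, HOST, None))
    return acl

def fix(seq=None):
    """Grant 10.1.1.3 SSH by appending (seq=None) or at a chosen sequence number."""
    acl = acl_101()
    acl.add(("permit", "10.1.1.3", HOST, SRV, HOST, 22), seq)
    return acl.evaluate("10.1.1.3", SRV, 22)
```

`fix()` returns the deny at sequence 30 because the appended permit lands at 40, behind it; `fix(25)` returns the permit at 25.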
